Configure CloudTrail for a Single AWS Account

To configure CloudTrail for a single AWS account, deploy a CloudFormation stack in that account. The stack creates an EventBridge rule that listens for the account's CloudTrail events and forwards them to an EventBridge bus, which Tenable Cloud Security uses to detect configuration changes in the account.

Before you begin:

  • Sign in to your AWS account as an administrator.

  • Onboard your AWS cloud accounts.

    For more information, see Onboard AWS Accounts.

To configure CloudTrail for a single AWS account using the CloudFormation template:

  1. Access Tenable Cloud Security.

  2. In the left navigation bar, click Integrations.

  3. Click the AWS CloudTrail tile.
    The AWS CloudTrail window appears.

  4. Select the AWS account that you want to configure for AWS CloudTrail, and then click Configure.

  5. In the Select the configuration method section, click the Connect an individual AWS account option.

  6. Click Continue.

  7. In the Select the AWS account to configure section, select the AWS account number that you want to configure for AWS CloudTrail.

  8. Click Continue.

  9. In the Provision account level trail stack set section, click Launch Stack to create a CloudFormation stack that forwards CloudTrail events to an EventBridge bus.

    Tenable Cloud Security redirects you to the Quick create stack page in AWS. The CloudFormation template for the stack deploys a CloudTrail event-driven pipeline that is used by Tenable Cloud Security to detect configuration changes in your AWS environment.

    1. Review the stack parameters and update them if required.

      For more information, see AWS Stack Parameters for Account-Level CloudTrail.

      Note: Tenable Cloud Security does not support log monitoring of a single AWS account across multiple regions. Deploy the stack in the region you want to monitor.

    2. In the Capabilities section, select the "I acknowledge that AWS CloudFormation might create IAM resources." check box to confirm that the stack may create IAM resources with the required permissions.

    3. Click Create stack.

      Wait until the stack status becomes CREATE_COMPLETE, then copy the stack ARN from the Stack info tab. If the status is ROLLBACK_COMPLETE instead, the stack was not created; check the Events tab for the resource that failed before retrying.

  10. In Tenable Cloud Security, paste the stack ARN in the Stack ARN box.

  11. Click Connect.

    The AWS CloudTrail page appears, showing the status of the AWS account as Configured.
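Steps 9 through 11 can also be scripted with the AWS CLI, which is useful when the same stack has to be deployed repeatedly or from a pipeline. The script below is an added example and is not Tenable's own tooling: it creates the stack with the IAM capability the Quick create page asks you to acknowledge, waits for CREATE_COMPLETE, prints the stack ARN, and validates that the ARN is a real CloudFormation stack ARN in the expected region and account before you paste it into the Stack ARN box. The template URL, stack name, region and account ID are placeholders (assumptions, not values from the page); take the real template URL and parameter values from the Quick create page that Tenable opens, and pass any parameters with `--parameters ParameterKey=...,ParameterValue=...`.

```shell
#!/usr/bin/env bash
# Added example, not Tenable Cloud Security's own tooling.
# Assumptions: AWS CLI v2 is installed with administrator credentials for the
# target account; TEMPLATE_URL, stack name, region and account ID below are
# placeholders to replace with the values shown on the Quick create page.
set -eu

# is_stack_arn ARN
# Succeeds if ARN has the shape of a CloudFormation stack ARN:
#   arn:<partition>:cloudformation:<region>:<12-digit account>:stack/<name>/<guid>
is_stack_arn() {
  printf '%s' "$1" | grep -Eq '^arn:aws[a-z-]*:cloudformation:[a-z0-9-]+:[0-9]{12}:stack/[A-Za-z][A-Za-z0-9-]*/[0-9a-f-]{36}$'
}

# stack_arn_region ARN   -> prints the region embedded in the ARN
stack_arn_region() {
  printf '%s' "$1" | cut -d: -f4
}

# stack_arn_account ARN  -> prints the 12-digit account ID embedded in the ARN
stack_arn_account() {
  printf '%s' "$1" | cut -d: -f5
}

# check_stack_arn ARN EXPECTED_REGION EXPECTED_ACCOUNT
# Succeeds only if ARN is well formed and belongs to the region and account
# selected in Tenable Cloud Security. A stack name or an ARN from another
# region (single-region monitoring only) is rejected before it is pasted.
check_stack_arn() {
  arn=$1; region=$2; account=$3
  is_stack_arn "$arn" || { echo "not a CloudFormation stack ARN: $arn" >&2; return 1; }
  [ "$(stack_arn_region "$arn")" = "$region" ] \
    || { echo "stack is in $(stack_arn_region "$arn"), expected $region" >&2; return 1; }
  [ "$(stack_arn_account "$arn")" = "$account" ] \
    || { echo "stack belongs to account $(stack_arn_account "$arn"), expected $account" >&2; return 1; }
  return 0
}

# deploy_stack STACK_NAME TEMPLATE_URL REGION
# Creates the stack (acknowledging IAM resource creation, as in step 9.2),
# blocks until CREATE_COMPLETE, and prints the stack ARN (StackId) for step 10.
deploy_stack() {
  name=$1; template_url=$2; region=$3
  aws cloudformation create-stack \
    --region "$region" \
    --stack-name "$name" \
    --template-url "$template_url" \
    --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM >/dev/null
  # The waiter exits non-zero on rollback, so set -e stops before an ARN is printed.
  aws cloudformation wait stack-create-complete --region "$region" --stack-name "$name"
  aws cloudformation describe-stacks --region "$region" --stack-name "$name" \
    --query 'Stacks[0].StackId' --output text
}

# Usage: RUN_DEPLOY=1 ./deploy-cloudtrail-stack.sh   (after replacing the placeholders)
if [ "${RUN_DEPLOY:-0}" = "1" ]; then
  TEMPLATE_URL="https://example-bucket.s3.amazonaws.com/tenable-cloudtrail.yaml"  # placeholder
  ARN=$(deploy_stack "tenable-cloudtrail" "$TEMPLATE_URL" "us-east-1")
  check_stack_arn "$ARN" "us-east-1" "123456789012"   # placeholder region and account
  echo "Paste this into the Stack ARN box: $ARN"
fi
```

The deployment functions are only invoked when RUN_DEPLOY=1, so the file can be sourced to reuse `check_stack_arn` on an ARN copied from the Stack info tab without touching AWS.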